Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 162899 - (CVE-2002-1903) CVE-2002-1903 pine username disclosure issue
CVE-2002-1903 pine username disclosure issue
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: pine (Show other bugs)
2.1
All Linux
medium Severity low
: ---
: ---
Assigned To: X/OpenGL Maintenance List
Ben Levenson
impact=low,public=20020607,source=cve...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-11 11:19 EDT by Josh Bressers
Modified: 2012-08-19 03:47 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-09 03:58:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Josh Bressers 2005-07-11 11:19:41 EDT 
This text is taken from here:
http://archives.neohapsis.com/archives/bugtraq/2002-06/0053.html
From: Roger Marquis

    The Pine email client allows users to define the "From:"
    address independent of their Unix username. This is an
    indispensable feature for help desks and other role accounts.

    Unfortunately, user names and/or ids can still be leaked due to
    Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine
    versions earlier than 4.44 may also insert the Unix username
    into other envelope and header fields. 


That message also contains a patch for this issue.
Comment 2 Mark J. Cox 2007-07-20 08:02:53 EDT 
This is a debatable security issue, it's the way many mailers worked, it was
documented behaviour, and is of minimal security consequence.  It's not worth
issuing a security update for RHEL2.1 to correct this issue.  wontfix.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.